(57) Abstract: The process consists in receiving in a reception device (3) a content from a content provider (2) to which is attached a
unique identifier of most recent revocation list, the revocation list containing identifiers of keys, of appliances or of modules regarded
as noncompliant by a trusted third party (1). The revocation list identifier received (Index_LR_C) is compared with a revocation list
identifier stored (Index_LR_M) in the reception device and, in case of difference between the identifiers: - one downloads the most
recent revocation list to the said reception device; or - one awaits the reception of the most recent revocation list with a next content.
The invention also relates to a process for presenting a content received according to the above process.

Process for updating a revocation list of noncompliant keys, appliances
or modules in a secure system for broadcasting content

Field of the invention 

The present invention pertains in a general manner to the field of the
anticopy protection of digital contents. It relates more especially to a process for
updating a revocation list of noncompliant keys, appliances or modules in a
secure system for broadcasting content.

State of the art

The transmission of digital data representative of contents through a 
communication network poses problems of protection of the data exchanged 
and of management of permissions or prohibitions to copy the data. 

To remedy these problems, manufacturers of multimedia hardware
have proposed solutions making it possible to transmit contents in digital form
while preventing the illicit copying of these contents. These solutions generally
involve the use of public-key cryptographic systems in which private/public key
pairs are generated by a trusted third party (for example a certifying authority),
as well as the use of so-called compliant appliances or modules.

Unfortunately, sometimes a private/public pair of keys is pirated, that
is to say a "pirate" succeeds in obtaining the private key of the pair of keys, or
else a compliant appliance or module, containing for example a secret, is
pirated, that is to say the "pirate" obtains the secret.

This is why it is known in a system for secure broadcasting of content
to manage a revocation list containing identifiers of keys, of appliances or of
modules which are no longer regarded as compliant by the trusted third party
since the latter has become aware of the fact that they have been pirated. This
revocation list must be communicated to all the participants in the system so
that the keys, appliances or modules which are no longer compliant can no
longer be used. For example, the compliant appliances of the system will refuse
to communicate with a noncompliant appliance or with an appliance transmitting
a noncompliant key.

In order for this to be effective, it is necessary for the compliant 
appliances to always have the latest up-to-date revocation list. 

Moreover, nowadays it is common to use mass-market electronic
appliances such as a television, a DVD reader (the initials standing for "Digital
Versatile Disc"), a digital recording device (in particular video recorder, DVD
recorder or hard disk) or a computer in a digital home network.

In this case, to ensure that the various appliances do indeed possess
an up-to-date revocation list, it is known to routinely append the latest up-to-date
revocation list to any content which enters the home network, the content
being sent by a content provider who obtains the latest up-to-date revocation list
from the trusted third party.

Another known solution consists in adding a date of validity to any
revocation list which is transmitted to the network. After this date, it is no longer
possible for any new content to be received on the domestic network so long as
a new up-to-date revocation list has not been received. It is therefore necessary
for at least one appliance of the home network to request from the content
provider for example an update of the revocation list.

However, these known techniques have a certain number of
drawbacks.

Routinely sending the latest up-to-date revocation list with any
content transmitted increases the cost of sending the content since a part of the
bandwidth is allotted to the transmission of the revocation list. Moreover, a
pirate could always replace the revocation list transmitted with the content by an
older list not containing the latest updates.

On the other hand, adding a date of validity to the revocation list
involves more complex management at the level of the appliances of the home
network. To achieve a good level of security, the revocation lists must be
updated frequently. Moreover, if a new revocation list is sent before the end of
the period of validity of the previous one, it may possibly be erased by a pirate
without the appliances of the home network realizing, since the date of validity
of the revocation list stored in the network will not have expired.

Description of the invention 
The present invention aims to solve the aforesaid problems.

Its subject is a process for updating a revocation list containing
identifiers of keys, of appliances or of modules regarded as noncompliant by a
trusted third party in a secure system for broadcasting content consisting in
receiving in a reception device a content from a content provider, characterized
in that a unique identifier is allotted to each update of the revocation list by the
trusted third party, the identifier of the most recent revocation list being attached
to the content received in the reception device, and in that the process
furthermore comprises a step consisting in comparing the revocation list
identifier received with a revocation list identifier stored in the reception device
and, in case of difference between the identifiers:

- in downloading the most recent revocation list to the said reception
device; or

- in awaiting the reception of the most recent revocation list with a
next content.

Thus, one avoids transmitting the entire revocation list with each
sending of a new content and a new revocation list is sent only when
necessary, following an updating of this list.

The invention also relates to a process for receiving a content by a
reception device in a secure system for broadcasting content in which a
revocation list, drawn up by a trusted third party, contains identifiers of keys, of
appliances or of modules regarded as noncompliant by the trusted third party,
characterized in that a unique identifier is allotted to each update of the
revocation list, the identifier of the most recent revocation list being attached to
the content received by the reception device. The process furthermore
comprises a step consisting in comparing the revocation list identifier received
with a revocation list identifier stored in the reception device, and in case of
difference between the identifiers: in downloading the most recent revocation
list to the reception device; or in awaiting the reception of the most recent
revocation list with a next content.

According to a particular characteristic of the invention, the 
revocation list unique identifier is an update index of the revocation list. 

According to another characteristic of the invention, the identifier of
the most recent revocation list which is received with the content is included in a
part protected by encryption or by authentication of the content. The revocation
list identifier therefore cannot be eliminated or modified easily by a pirate.

According to a particular embodiment of the invention, the revocation
list can contain one or more elements belonging to the set comprising:

- at least one serial number of a public key generated by the trusted
third party and regarded as noncompliant by the trusted third party;

- at least one serial number of an appliance regarded as
noncompliant by the trusted third party;

- at least one serial number of a module regarded as noncompliant
by the trusted third party;

- at least one local network secret key identifier serving to protect
contents against illicit copying;

- at least one local network secret key serving to protect contents
against illicit copying;

- at least the result of a calculation function, in particular a hash
function, applied to a local network secret key serving to protect contents
against illicit copying.

According to another advantageous characteristic of the invention, 
for each element of the revocation list, its revocation index corresponding to the 
update index of the list at the moment of the insertion of the element into the 
revocation list is furthermore stored. 

The subject of the invention is also a process for presenting a
content received in compliance with the process as described hereinabove
which comprises the steps consisting for a content presentation device in:
verifying whether the most recent revocation list at the disposal of the reception
device does not contain any element relating to at least one key, one module or
one appliance used by the reception device; and if the revocation list does not
contain any of the said elements, continuing the process so as to present the
content to a user, otherwise, stopping the process.

As a variant of the above process, if the revocation list contains at
least one of the said elements (that is to say an element relating to at least one
key, one module or one appliance used by the reception device), the process is
continued with the steps consisting in: comparing the revocation list update
index attached to the content with the revocation index of the said element; and,
if the revocation list update index attached to the content is less than the
revocation index of the said element, continuing the process so as to present
the said content to a user, otherwise, stopping the process.

Brief description of the drawings 

The invention will be better understood on reading the description
which follows, given merely by way of example and while referring to the
appended drawings in which:

- Figure 1 diagrammatically represents a secure system for 
broadcasting content in a digital home network in which the invention is 
implemented; 

- Figures 2 and 3 diagrammatically represent processes
implemented, according to the invention, in devices of Figure 1.

Detailed description of embodiments of the invention

In Figure 1, we have represented a secure system for broadcasting
content comprising a certifying authority 1, which constitutes the trusted third
party in the process of the invention, a content provider 2 and a digital home
network comprising a content reception device 3, a content presentation device
4 and a recording device 5 which are linked together by a digital bus 8 which is,
for example, a bus according to the IEEE 1394 standard.

The certifying authority 1 generates in particular the private/public
key pairs used by the various devices of the system, the public keys being
contained in certificates signed by the certifying authority as is known to the
person skilled in the art.

The certifying authority 1 is linked to the content provider 2, which is
for example a broadcaster of pay televised programmes. A single content
provider 2 is represented in Figure 1 but, naturally, the invention applies also to
the case where several different content providers are linked to the certifying
authority so as to deliver contents to users. Another content provider may in
particular be a distributor of music programmes broadcast via the Internet.

According to the invention, the certifying authority 1 keeps up to date
a revocation list which contains identifiers of keys, of appliances or of modules
which are no longer regarded as safe and in which the certifying authority no
longer places any trust, in particular since it has detected that the keys,
appliances or modules have been pirated. With each new updating of this
revocation list, an index is incremented and the revocation list as well as the
update index are transmitted by the certifying authority to all the content
providers to which it is linked.

Preferably, the revocation list contains serial numbers of modules, of
appliances or of keys (in particular of the keys which it has issued) which are no
longer regarded as safe by the certifying authority. It may also contain
information relating to secret keys (used in so-called symmetric cryptography)
used in the secure system for broadcasting content when the certifying authority
has become aware of a pirating (for example of a public broadcasting of a
secret key) of one of these keys.

Moreover, the revocation list also contains, in a preferred manner, for
each element of the list, its revocation index, that is to say the update index of
the revocation list at the moment of the insertion of the element into the list. This
advantageously makes it possible to manage the moment from which a key, an
appliance or a module is no longer regarded as compliant and reliable by the
certifying authority.

In the digital home network represented in Figure 1, the reception
device 3 comprises a digital decoder 30 fitted with a smart card reader
furnished with a smart card 31. This decoder receives digital contents from the
content provider 2 via a link 6. This may be a terrestrial, cable, satellite link or a
link using the Internet network. Preferably, the decoder 30 also comprises a
return pathway 7 to the content provider. This return pathway can in particular
use the switched telephone network.

The reception device 3 of the home network also plays the role of
source device in the network, that is to say it sends the contents received to
other devices of the network, in particular the content presentation device 4 or
the digital video recorder (DVCR) 5. The content presentation device 4
comprises a digital television receiver (DTV) 40 fitted with a smart card reader
furnished with a smart card 41.

The digital data representing the content broadcast by the content
provider 2 to the reception device 3 are generally data scrambled according to
the principle of pay television or "conditional access" television. The data are
scrambled with the aid of control words (CW) which are themselves transmitted
in the data stream in a form encrypted with the aid of an encryption key K while
being contained in control messages (ECM, standing for "Entitlement Control
Message"). The encryption key K is placed at the disposal of users who have
paid to receive the data, in particular by being stored in a smart card.

In the example of Figure 1, it is assumed that the smart card 31 
contains such a key K. We have also represented an exemplary packet of data 
60 such as they are received by the reception device 3. 

Naturally, the invention applies also to the case where the digital data
are protected by a so-called DRM system (the initials standing for "Digital Rights
Management").

According to a preferred embodiment of the invention, when the data
representative of a content are received by the decoder 30, they are
subsequently shaped by the device 3 before being broadcast over the digital
network. To do this, the ECM messages containing the control words CW
encrypted with the aid of the key K are transformed, by a converter module 32
contained in the smart card 31, into LECM messages (the initials standing for
"Local Entitlement Control Message") containing the decrypted control words,
the LECM messages being themselves protected with the aid of a key specific
to the home network, in particular a secret key. An exemplary packet of data 80
flowing around the bus 8 of the home network is represented in Figure 1.

According to the principle of the invention, when the content provider
2 transmits a content to the reception device 3, it attaches to the content the
update index of the revocation list which the certifying authority has last
transmitted to it.

This index Index_LR_C is preferably contained in the ECM message
while being protected by the key K. In particular, the index may be encrypted by
the key K.

For its part, the reception device 3 contains a revocation list LR_M as
well as an update index of this list Index_LR_M which are preferably stored in the
converter module 32 contained in the smart card 31.

In a first preferred variant of the invention, the smart cards such as
the card 31 are delivered by the certifying authority to the users while containing
among other things the latest up-to-date revocation list LR_M as well as the
corresponding index Index_LR_M. In a second variant embodiment, the cards do
not contain any revocation list or any index when they are delivered to the
users.

We shall now describe, in conjunction with Figure 2, the process
which is implemented when a new content is received in the home network by
the reception device 3.

The first step 100 consists in detecting in the content received the
update index of the revocation list Index_LR_C.

The second step 101, which is implemented only in the second
variant embodiment mentioned hereinabove, consists in verifying the presence
in the reception device 3 of a revocation list stored update index Index_LR_M. If an
index Index_LR_M is stored, then we go to step 102 consisting in verifying whether
the index received in the content Index_LR_C is less than or equal to the stored
index Index_LR_M. If Index_LR_C ≤ Index_LR_M, the process is terminated.

Otherwise, we go to step 103 consisting in replacing the value of the
revocation list stored update index Index_LR_M by the index received in the
content Index_LR_C. Likewise, if the response to the test of step 101 is negative
(no index stored in the reception device), then we go to step 103 and the stored
index Index_LR_M is initialized to the value of the index received in the content
Index_LR_C.

Following step 103, it is also necessary to update the stored
revocation list LR_M in the reception device 3. This is shown diagrammatically
in Figure 2 by step 104 which can consist either in downloading the most recent
revocation list by using the return pathway 7 from the decoder 30 to the content
provider 2, or in awaiting reception of this list with a next content. In this case, it
is envisaged that the content provider periodically sends the most recent
revocation list with contents.
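
Steps 100 to 104 as a small state machine, added here as an illustration and not taken from the patent: the class, method and return-string names are assumptions, as is the rule used to install a list that arrives with a later content. Index_LR_C is assumed to have been recovered from the protected ECM before `on_content` is called.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class RevocationList:
    index: int                                              # update index of this list version
    entries: Dict[str, int] = field(default_factory=dict)   # identifier -> revocation index


@dataclass
class ReceptionDevice:
    index_lr_m: Optional[int] = None          # stored index; None = second variant (blank card)
    lr_m: Optional[RevocationList] = None     # stored revocation list LR_M
    download: Optional[Callable[[], RevocationList]] = None  # return pathway 7, if present

    def list_is_current(self) -> bool:
        return self.lr_m is not None and self.lr_m.index == self.index_lr_m

    def _install(self, candidate: Optional[RevocationList]) -> bool:
        # Assumption: a list is accepted only if it is at least as recent as the
        # stored index, so an older list substituted in transit is ignored.
        if candidate is None or self.index_lr_m is None:
            return False
        if candidate.index < self.index_lr_m:
            return False
        self.lr_m = candidate
        self.index_lr_m = candidate.index
        return True

    def on_content(self, index_lr_c: int,
                   attached: Optional[RevocationList] = None) -> str:
        # Step 100: index_lr_c is the index detected in the received content.
        # Steps 101 and 102: an index is stored and the received one is not newer.
        if self.index_lr_m is not None and index_lr_c <= self.index_lr_m:
            # Assumption: a list awaited since an earlier content may arrive now.
            if not self.list_is_current() and self._install(attached):
                return "list-installed"
            return "terminated"
        # Step 103: replace (or initialise) the stored index.
        self.index_lr_m = index_lr_c
        # Step 104: obtain the list now, or wait for it to come with a next content.
        if self._install(attached):
            return "list-installed"
        if self.download is not None and self._install(self.download()):
            return "list-downloaded"
        return "awaiting-list"


def demo() -> list:
    # Constructed sample data: list version 7 on the card, version 8 published later.
    lr7 = RevocationList(7, {"device-serial-A": 5})
    lr8 = RevocationList(8, {"device-serial-A": 5, "key-serial-B": 8})
    dev = ReceptionDevice(index_lr_m=7, lr_m=lr7)   # first variant: card ships with list 7
    return [
        dev.on_content(7),        # same index: nothing to do
        dev.on_content(8),        # newer index, no return pathway: device knows it is stale
        dev.on_content(6, lr7),   # older content carrying the old list: ignored
        dev.on_content(8, lr8),   # awaited list arrives with a next content
        dev.on_content(8, lr8),   # already up to date
    ]


if __name__ == "__main__":
    print(demo())
```

Between the second and fourth calls the device holds index 8 but list 7, which is the state the index comparison exists to expose: the device knows its list is out of date even though no newer list has reached it yet.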

When the revocation list stored index Index_LR_M as well as the
corresponding revocation list LR_M have been updated in the reception device
3, the latter communicates them to the other devices of the network, with the
exception of the recording devices such as the DVCR 5 in Figure 1. In particular
in the example of Figure 1, it communicates them to the presentation device 4
which stores them in a terminal module 42 contained in the chip card 41.

This terminal module 42 contains in particular a secret key specific to
the home network and it is responsible for processing the LECM messages
included in the data packets 80 received by the presentation device 4. By virtue
of this secret key of the home network, the terminal module 42 is capable of
recovering from the LECM message the control words CW which served to
scramble the digital data. The presentation device 4 can then descramble the
data so as to present them to the user.

It will be noted that the invention applies also to the case where the
digital home network comprises a pair of asymmetric keys which is specific to
this network to protect the LECM messages.

Coming back to the reception device 3, when the latter has
performed the steps 100 to 104 described previously, it transforms the ECM
message included in the digital data received into an LECM message which
furthermore contains the revocation list update index Index_LR_C received with
the content.

If this content, which flows around the digital home network in the
form of data packets such as the packet 80 represented in Figure 1, is recorded
by the recording device 5, it will therefore be recorded with the most recent
update index of the revocation list at the moment of the recording, this index
being included in the LECM messages of the packets which make up the
content. In this way, it will always be possible for the content to be viewed or
played in the network even if later on a key or an appliance of the network are
revoked.

Preferably, the index Index_LR_C inserted into the LECM message by
the converter module 32 is inserted into a "plaintext" part of this message.

The LECM message in fact comprises a plaintext part A containing in
particular information regarding the type of content (audio/video...) or regarding
permission or otherwise to copy this content, and a protected part B containing
in particular the control words which served to scramble the digital data
representing the content. This part B is protected by encryption, that is to say
the LECM message contains an encrypted version of the part B, encrypted with
the aid of a key which is either the specific key of the network, or a key which
can be retrieved by knowing the specific key of the network. The LECM
message preferably also contains an integrity field which is the result of a hash
function applied to the part A and to the part B (before encryption) of the
message.

Let us recall that a hash function, often denoted "Hash(x)" is a
mathematical function which transforms a data set "x" into a data set "y" of fixed
size, often appreciably smaller than the size of the input data, and that this
function is a one-way function, that is to say that knowing "y", it is impossible to
retrieve "x", such that y=Hash(x).

In a variant embodiment, in particular when the LECM message does
not comprise any integrity field, the index Index_LR_C inserted into the LECM
message by the converter module 32 is inserted into the protected part B of the
LECM message.

We shall now describe, in conjunction with Figure 3, the process
which is implemented by the presentation device 4 when a content originating
from the digital home network is to be presented to a user, and more precisely
when each data packet 80 of the content is received by the presentation device
4.

During a first step 200, the presentation device verifies the integrity of
the LECM message included in the data packet received. To do this, it recovers
the part B of the LECM message by virtue of the specific secret key of the home
network and then it calculates the result of the same hash function as that
mentioned above, applied to the parts A and B of the LECM message, so as to
compare it with the integrity field of the LECM message received.

If this verification is positive, then the process is continued with step
201 during which one verifies whether the revocation list LR_M stored in the
terminal module 42 contains at least one element relating to a key, a module or
an appliance used in the presentation device. This may be the serial number of
a public key used by the presentation device (and stored preferably in the
terminal module 42), or else the serial number of the television receiver
appliance 40 or of the terminal module 42, or else an item of information relating
to the secret key of the home network, stored in the terminal module 42 also
(this item of information may be a serial number of the secret key, the key itself
or else the result of a hash function or of an encryption function applied to the
key).

If the revocation list LR_M contains no element relating to a key, a
module or an appliance used in the presentation device 4, then the latter can
present the content to the user during step 203.

On the other hand, if the revocation list contains at least one of said
elements, then the process is continued with step 202 consisting in verifying
whether the revocation index of this element (the revocation index of the
element being contained in the LR_M list) is greater than the index Index_LR_C
included in the content received (more precisely, included in the LECM
message of the packet received). This can occur when a content, recorded
before an element has been inserted into the revocation index, is subsequently
replayed in the home network after the element has been inserted into the list.

If the above verification is positive, then the presentation device can
present the content to the user in step 203.

Otherwise, the process is stopped (step 204) and the content is not
presented to the user. The process is also stopped when the verification of the
integrity of the LECM message in step 200 is negative. The process can also be
stopped, as a nonpreferred variant, when at least one element relating to a key,
a module or an appliance used in the presentation device is included in the
revocation list LR_M (dotted arrow represented leaving step 201).
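
The decision of steps 200 to 204, as an added example that is not part of the patent text: the LECM byte layout, the use of SHA-256 for the integrity field, the keystream stand-in for the network-key encryption and all sample identifiers are constructed for the illustration. It also shows that an index altered in the plaintext part A is caught at step 200, because the integrity field covers part A together with the clear form of part B.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Tuple


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for this example only: SHA-256 in counter mode XORed with
    # the data. The page does not say which cipher protects part B.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


@dataclass
class LECM:
    index_lr_c: int          # part A (plaintext): list update index at reception time
    content_type: str        # part A (plaintext): type of content
    part_b_enc: bytes        # part B: control words, encrypted with the network key
    integrity: bytes = b""   # Hash(A || B), with B taken before encryption

    def part_a(self) -> bytes:
        # Assumed serialisation of part A for hashing.
        return f"{self.index_lr_c}|{self.content_type}".encode()


def build_lecm(network_key: bytes, index_lr_c: int, content_type: str,
               control_words: bytes) -> LECM:
    """Converter-module side: build the LECM that travels on the home network."""
    msg = LECM(index_lr_c, content_type, keystream_xor(network_key, control_words))
    msg.integrity = hashlib.sha256(msg.part_a() + control_words).digest()
    return msg


def may_present(msg: LECM, network_key: bytes, lr_m: Dict[str, int],
                own_ids: Iterable[str]) -> Tuple[bool, str]:
    """lr_m maps each revoked identifier to its revocation index."""
    # Step 200: recover part B, recompute the hash over A and B, compare.
    part_b = keystream_xor(network_key, msg.part_b_enc)
    expected = hashlib.sha256(msg.part_a() + part_b).digest()
    if not hmac.compare_digest(expected, msg.integrity):
        return False, "stop: integrity"          # step 204
    # Step 201: is any key, module or appliance of this device on the list?
    revoked = [i for i in own_ids if i in lr_m]
    if not revoked:
        return True, "present: not revoked"      # step 203
    # Step 202: the content index must be lower than the revocation index.
    # Requiring this for every revoked element is this example's choice.
    if all(lr_m[i] > msg.index_lr_c for i in revoked):
        return True, "present: recorded before revocation"   # step 203
    return False, "stop: revoked"                # step 204


def demo() -> list:
    key = b"constructed-home-network-key"        # constructed sample key
    lr_m = {"tv-serial-0042": 9}                 # constructed: TV revoked at update 9
    own = ["tv-serial-0042", "terminal-module-17"]
    old = build_lecm(key, 8, "audio/video", b"CW-even/CW-odd")  # recorded before revocation
    new = build_lecm(key, 9, "audio/video", b"CW-even/CW-odd")  # received after revocation
    altered = replace(new, index_lr_c=8)         # index changed in part A, hash left as is
    return [may_present(m, key, lr_m, own) for m in (old, new, altered)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```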

The invention is not limited to the embodiments which have been
described hereinabove. In particular, the invention applies also to the case
where a content is received by a single device forming a content reception and
presentation device, without this device necessarily being included in a digital
home network.

CLAIMS



1. Process for updating a revocation list containing identifiers of keys,
of appliances or of modules regarded as noncompliant by a trusted third party
(1) in a secure system for broadcasting content consisting:

in receiving in a reception device (3) a content from a content
provider (2),

characterized in that a unique identifier is allotted to each update of
the revocation list by the trusted third party (1), the identifier of the most recent
revocation list (Index_LR_C) being attached to the content received in said
reception device, and

in that the process furthermore comprises a step (102) consisting in
comparing the revocation list identifier received (Index_LR_C) with a revocation list
identifier stored (Index_LR_M) in said reception device and, in case of difference
between said identifiers:

- in downloading the most recent revocation list to said
reception device; or

- in awaiting the reception of the most recent revocation
list with a next content.

2. Process for receiving a content by a reception device (3) in a
secure system for broadcasting content in which a revocation list, drawn up by a
trusted third party (1), contains identifiers of keys, of appliances or of modules
regarded as noncompliant by said trusted third party,

characterized in that a unique identifier is allotted to each update of
the revocation list, the identifier of the most recent revocation list (Index_LR_C)
being attached to the content received by said reception device,
the process furthermore comprising a step consisting in
comparing (102) the revocation list identifier received (Index_LR_C) with
a revocation list identifier stored (Index_LR_M) in said reception device, and in
case of difference between said identifiers:

- in downloading the most recent revocation list to said
reception device; or

- in awaiting the reception of the most recent revocation
list with a next content.

3. Process according to either one of claims 1 or 2, characterized in
that the revocation list unique identifier is an update index of said revocation list.

4. Process according to one of the preceding claims, characterized in
that the identifier of the most recent revocation list which is received with the
content (Index_LR_C) is included in a part protected by encryption or by
authentication of said content.

5. Process according to one of the preceding claims, characterized in
that the revocation list contains at least one element belonging to the set
comprising:

- at least one serial number of a public key generated by said trusted
third party and regarded as noncompliant by the trusted third party;

- at least one serial number of an appliance regarded as
noncompliant by the trusted third party;

- at least one serial number of a module regarded as noncompliant
by the trusted third party.

6. Process according to one of the preceding claims, characterized in
that the revocation list contains at least one element belonging to the set
comprising:

- at least one local network secret key identifier serving to protect
contents against illicit copying;

- at least one local network secret key serving to protect contents
against illicit copying;

- at least the result of a calculation function, in particular a hash
function, applied to a local network secret key serving to protect contents
against illicit copying.

7. Process according to one of claims 5 or 6, characterized in that,
for each element of the revocation list, its revocation index corresponding to the
update index of said list at the moment of the insertion of the element into the
revocation list is furthermore stored.

8. Process for presenting a content received in compliance with the
process according to one of claims 2 to 7, claims 3 to 7 being dependent on
claim 2, characterized in that it comprises the steps consisting for a content
presentation device (4) in:

- verifying (201) whether the most recent revocation list (LR_M) at
the disposal of the reception device does not contain any element relating to at
least one key, one module or one appliance used by said reception device; and

- if the revocation list does not contain any of said elements,
continuing the process so as to present the content to a user (203),

- otherwise, stopping (204) the process.

9. Process for presenting a content received in compliance with the
process according to claim 7 taken in its dependence on claims 2 and 3,
characterized in that it comprises the steps consisting in respect of a content
presentation device in:

- verifying (201) whether the most recent revocation list (LR_M) at
the disposal of the reception device does not contain any element relating to at
least one key, one module or one appliance used by said reception device; and

- if the revocation list contains at least one of said elements:

- comparing (202) the revocation list update index
attached to the content (Index_LR_C) with the revocation index of said
element; and

- if the revocation list update index attached to the content
is less than the revocation index of said element, continuing the
process so as to present the content to a user (203),

- otherwise, stopping (204) the process.